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DETAILED ACTION 

1. Application Number 09/764, 252 was filed on 01/17/2001. Claims 1-57 are 
subject to examination. 

Specification 

2. The disclosure is objected to because of the following informalities: Related arts 
are lacking their corresponding serial numbers. See pagel. Appropriate correction is 
required. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless- 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-13, 15-17, 20- 32, 34-36, 39-51, 53-55 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Nguyen et al. (hereinafter Nguyen) (US 2002/0016926 A1) 
Referring to claim 1, 

The reference Nguyen teaches a method for providing secure communications over a 
network in a distributed workload environment having target hosts which are accessed 
through a distribution processor by a common network address (Fig.9, elements 1302, 
1312, 1304, page 6, para. [0092]), the method comprising the steps of: 
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routing both inbound and outbound communications with target hosts which are 
associated with a secure network communication through the distribution processor; 
and (page 6, para. [0093]), [0095]) 

processing both inbound and outbound secure network communications at the 
distribution processor so as to provide network security processing of communications 
from the target host and network security processing of communications to the target 
host, (page 6, para. [0092], [0101],"Data passing between the virtual ports of two SGDs 
is tunneled and encrypted.") 
Referring to claim 2, 

The reference Nguyen teaches a method according to claim 1 , further comprising the 
steps of: receiving at the distribution processor, network communications directed to the 
common network address; and distributing the received network communications to 
selected ones of the target hosts so as to distribute workload associated with the 
network communications, (page 5, para. [0086], Fig.8a and 8b). 
Referring to claim 3, 

The reference Nguyen teaches a method according to claim 2, further comprising the 
steps of: 

determining if the received network communications are secure network 
communications which are to be distributed to ones of the target hosts; (page 2, [0013], 
[0014]) 

wherein the step of processing both inbound and outbound secure network 
communications at the distribution processor comprises the step of processing the 



Application/Control Number: 09/764,252 Page 4 

Art Unit: 2154 

received network communications so as to provide generic communications to the ones 
of the plurality of target hosts if the received network communications are secure 
network communications which are distributed to ones of the target hosts, (page 7, 
para. [0104], [105]) 
Referring to claim 4, 

The reference Nguyen teaches a method according to claim 3, wherein the step of 
processing both inbound and outbound secure network communications further 
comprises the steps of: receiving at the distribution processor communications from the 
ones of the target hosts which are associated with secure network communications; and 
processing the received communications from the ones of the target hosts so as to 
provide network security for the communications from the ones of the target hosts, 
(page 7, para. [104], [105]) 
Referring to claim 5, 

The reference Nguyen teaches a method according to claim 4, wherein the 
communications received from the target hosts and the generic communications to ones 
of the plurality of target hosts are encapsulated in a generic routing format, (page 3, 
para. [0036], [0039]) 
Referring to claim 6, 

The reference Nguyen teaches a method according to claim 4, wherein the generic 
communications are encapsulated in a generic routing format having sufficient 
information in a header of the generic routing format so as to authenticate the source of 
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the communication between the distribution processor and ones of the plurality of target 
hosts, (page 3, para.[0036],[0039], page 7, para.[0105]) 
Referring to claim 7, 

The reference Nguyen teaches a method according to claim 4, wherein the 
communications received from the target hosts at the distribution processor and the 
generic communications to ones of the plurality of target hosts from the distribution 
processor are communicated over trusted communication links. (Fig.1, elements b, x 
and y, Fig.9, elements 1316 and 1302) 
Referring to claims 8 and 9, 

The reference Nguyen teaches a method according to claim 4, further comprising the 
step of establishing common IP filters for communications encapsulated in a generic 
routing format at the distribution processor and the plurality of target hosts, and wherein 
the common IP filters bypass IP filtering for inbound communications encapsulated in 
the generic routing format, (page 2, para. [0013]-[0018]"After examining IP header and 
transport layer header information, and comparing it to information contained in entries 
located in the SPD, each packet will either be afforded IPSec security services, 
discarded, or allowed to bypass IPSec." page 3, para. [0039],) 
Referring to claim 10, 

The reference teaches a method providing Internet Protocol Security (IPSec) 
communications (page 2 para. [0013]-[0018]) from a network to a plurality of application 
instances executing on a cluster of data processing systems (Fig.9, elements 
1322,1320,1318,1316,1314,1324) utilizing virtual Internet Protocol Address (VIPA) 
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Distributor (Fig.9, elements 1312,1302,1304,1310,1308,1306) to provide a routing 
communication protocol stack which distributes connections to at least one dynamically 
routable VIPA (DVIPA) (Fig.9, elements 1312,1302,1304,1310,1308,1306) to a plurality 
of target communication protocol stacks (Fig.9, elements 
1322,1320,1318,1316,1314,1324), the method comprising the steps of: 

receiving inbound IPSec communications to the DVIPA from the network at the 
routing communication protocol stack (Fig.9, Fig.10); 

performing IPSec processing of the received inbound IPSec communications at 
the routing communication protocol stack to provide non-IPSec communications to a 
first target communication protocol stack associated with the received inbound IPSec 
communications (page 2 para. [0013]-[0018], page7, para.[0105], page 8, para. [01 18]); 

receiving outbound non-IPSec communications associated with the DVIPA from 
a second target communication protocol stack at the routing communication protocol 
stack (Fig.9, Fig.10); and 

performing IPSec processing on the received outbound non-IPSec 
communications at the routing communication protocol stack to provide outbound IPSec 
communications to the network corresponding to the received outbound non-IPSec 
communications (page 2 para. [0013]-[0018], page7, para.[0105]) page 8, para. [01 18]). 
Referring to claim 11, 

The reference teaches a method according to claim 10, wherein the target 
communication protocol stacks carry out the step of sending outbound communications 
associated with a connection utilizing IPSec which is routed through the routing 
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communication protocol stack to the routing communication protocol stack for IPSec 
processing. (Fig.9, Fig.10, page 7, para[0105], page 8, para.[0118]). 
Referring to claim 12, 

The reference teaches a method according to claim 10, wherein the second target 
communication protocol stack further carries out the steps of: determining if an 
outbound communication associated with a connection utilizing IPsec is routed through 
the routing communication protocol stack; sending non-IPSec communications for the 
connection utilizing IPSec to the routing communication protocol stack if the connection 
utilizing IPsec is routed through the routing communication protocol stack; and IPSec 
processing communications if the connection utilizing IPSec is not routed through the 
routing communication protocol stack(Fig.9, Fig.10, page 2, para.[0013]-0018], page 5, 
para.[0086], page 7, para. [0105], page 8, para. [0118]). 
Referring to claim 13, 

The reference teaches a method according to claim 10, where the routing 
communication protocol stack and the plurality of target communication protocol stacks 
communicate utilizing a trusted communication link. (Fig.1, elements b, x and y, Fig.9, 
elements 1316 and 1302) 
Referring to claim 15, 

The reference teaches a method according to claim 10, wherein the routing 
communication protocol stack (Fig.10) further carries out the steps of: 
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encapsulating the IPSec processed communications in a generic routing 
encapsulation (GRE) formatted communication (page 3, para. [0039], page 7, 
para.[0105], page 8, para.[01 18]); and 

sending the GRE formatted communication to the first target communication protocol 
stack over a trusted communication link (Fig.1, elements b, x and y, Fig.9, elements 
1316 and 1302); 

wherein the step of receiving outbound non-IPSec communications from a 
second target communication protocol stack at the routing communication protocol 
stack comprises the step of receiving a GRE encapsulated communication from the 
second target communication protocol stack (page 3, para. [0039], page 7, para.[0105], 
page 8, para.[01 18]); and 

wherein the step of performing IPSec processing on the received outbound non- 
IPSec communications at the routing communication protocol stack to provide outbound 
IPSec communications to the network corresponding to the received outbound non- 
IPSec communications (page 3, para. [0039], page 7, para. [0105], page 8, para. 
[0118]) comprises the steps of: extracting a non-IPSec communication from the 
received GRE encapsulated communication; and IPSec processing the extracted non- 
IPSec communication, (page 2, para.[0013]-[0018], page 3, para. [0039], page 7, para. 
[0105], page 8, para. [0118], Note: GRE - GRE is a protocol that enables the 
encapsulation of an arbitrary network layer protocol (the payload protocol) by another 
arbitrary network layer protocol (the delivery protocol). GRE tunnels are virtual tunnels 
that are created on an intermediary network and that are used to transmit GRE- 
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encapsulated data packets from a first network to a second network. GRE tunnels are 
often used to create a virtual private network ("VPN"). 
Referring to claims 16 and 17, 

The reference teaches a method according to claim 15, further comprising the steps of 
establishing common IP filters for GRE encapsulated communications at the routing 
communication protocol stack and the target communication protocol stacks. 17, and 
wherein the common IP filters bypass IP filtering for inbound GRE encapsulated 
communications (page 2, para. [0013]-[0018]"After examining IP header and transport 
layer header information, and comparing it to information contained in entries located in 
the SPD, each packet will either be afforded IPSec security services, discarded, or 
allowed to bypass IPSec." page 3, para. [0039]). 
Referring to claim 20, 

Claim 20 is a claim to a system that carries out the method of claim 1 . Therefore, claim 

20 is rejected for the reasons set forth for claim 1 . 
Referring to claim 21 , 

Claim 21 is a claim to a system that carries out the method of claim 2. Therefore, claim 

21 is rejected for the reasons set forth for claim 2. 
Referring to claim 22, 

Claim 22 is a claim to a system that carries out the method of claim 3. Therefore, claim 

22 is rejected for the reasons set forth for claim 3. 
Referring to claim 23, 



Application/Control Number: 09/764,252 Page 10 

Art Unit: 2154 

Claim 23 is a claim to a system that carries out the method of claim 4. Therefore, claim 

23 is rejected for the reasons set forth for claim 4. 
Referring to claim 24, 

Claim 24 is a claim to a system that carries out the method of claim 5. Therefore, claim 

24 is rejected for the reasons set forth for claim 5. 
Referring to claim 25, 

Claim 25 is a claim to a system that carries out the method of claim 6. Therefore, claim 

25 is rejected for the reasons set forth for claim 6. 
Referring to claim 26, 

Claim 26 is a claim to a system that carries out the method of claim 7. Therefore, claim 

26 is rejected for the reasons set forth for claim 7. 
Referring to claim 27, 

Claim 27 is a claim to a system that carries out the method of claim 8. Therefore, claim 

27 is rejected for the reasons set forth for claim 8. 
Referring to claim 28, 

Claim 28 is a claim to a system that carries out the method of claim 9. Therefore, claim 

28 is rejected for the reasons set forth for claim 9. 
Referring to claim 29, 

Claim 29 is a claim to a system that carries out the method of claim 10. Therefore, 
claim 29 is rejected for the reasons set forth for claim 10. 
Referring to claim 30, 
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Claim 30 is a claim to a system that carries out the method of claim 1 1 . Therefore, 
claim 30 is rejected for the reasons set forth for claim 1 1 . 
Referring to claim 31 , 

Claim 31 is a claim to a system that carries out the method of claim 12. Therefore, 
claim 31 is rejected for the reasons set forth for claim 12. 
Referring to claim 32, 

Claim 32 is a claim to a system that carries out the method of claim 13. Therefore, 
claim 32 is rejected for the reasons set forth for claim 13. 
Referring to claim 34, 

Claim 34 is a claim to a system that carries out the method of claim 15. Therefore, 
claim 34 is rejected for the reasons set forth for claim 15. 
Referring to claims 35 and 36, 

Claims 35 and 36 are claims to a system that carries out the methods of claims 16 and 
17. Therefore, claims 35 and 36 are rejected for the reasons set forth for claims 16 and 
17. 

Referring to claim 39, 

Claim 39 is a claim to a computer readable medium having computer readable program 
code that carries out the method of claim 1 . Therefore, claim 39 is rejected for the 
reasons set forth for claim 1 . 
Referring to claim 40, 
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Claim 40 is a claim to a computer readable medium having computer readable program 
code that carries out the method of claim 2. Therefore, claim 40 is rejected for the 
reasons set forth for claim 1 . 
Referring to claim 41, 

Claim 41 is a claim to a computer readable medium having computer readable program 
code that carries out the method of claim 3. Therefore, claim 41 is rejected for the 
reasons set forth for claim 3. 
Referring to claim 42, 

Claim 42 is a claim to a computer readable medium having computer readable program 
code that carries out the method of claim 4. Therefore, claim 42 is rejected for the 
reasons set forth for claim 4. 
Referring to claim 43, 

Claim 43 is a claim to a computer readable medium having computer readable program 
code that carries out the method of claim 5. Therefore, claim 43 is rejected for the 
reasons set forth for claim 5. 
Referring to claim 44, 

Claim 44 is a claim to a computer readable medium having computer readable program 
code that carries out the method of claim 6. Therefore, claim 44 is rejected for the 
reasons set forth for claim 6. 
Referring to claim 45, 



Application/Control Number: 09/764,252 Page 13 

Art Unit: 2154 

Claim 45 is a claim to a computer readable medium having computer readable program 
code that carries out the method of claim 7. Therefore, claim 45 is rejected for the 
reasons set forth for claim 7. 
Referring to claims 46 and 47, 

Claims 46 and 47 are claims to computer readable medium having computer readable 
program code that carries out the method of claims 8 and 9. Therefore, claims 46 and 
47 are rejected for the reasons set forth for claims 8 and 9. 
Referring to claim 48, 

Claim 48 is a claim to a computer readable medium having computer readable program 
code that carries out the method of claim 10. Therefore, claim 48 is rejected for the 
reasons set forth for claim 10. 
Referring to claim 49, 

Claim 49 is a claim to a computer readable medium having computer readable program 
code that carries out the method of claim 1 1 . Therefore, claim 49 is rejected for the 
reasons set forth for claim 1 1 . 
Referring to claim 50, 

Claim 50 is a claim to a computer readable medium having computer readable program 
code that carries out the method of claim 12. Therefore, claim 50 is rejected for the 
reasons set forth for claim 12. 
Referring to claim 51, 
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Claim 51 is a claim to a computer readable medium having computer readable program 
code that carries out the method of claim 13. Therefore, claim 51 is rejected for the 
reasons set forth for claim 13. 
Referring to claim 53, 

Claim 53 is a claim to a computer readable medium having computer readable program 
code that carries out the method of claim 15. Therefore, claim 53 is rejected for the 
reasons set forth for claim 1 5. 
Referring to claim 54, 

Claim 54 is a claim to a computer readable medium having computer readable program 
code that carries out the method of claim 16. Therefore, claim 54 is rejected for the 
reasons set forth for claim 16. 
Referring to claim 55, 

Claim 55 is a claim to a computer readable medium having computer readable program 
code that carries out the method of claim 17. Therefore, claim 55 is rejected for the 
reasons set forth for claim 1 7. 

Claim Rejections - 35 USC § 103 
4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be" patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



Application/Control Number: 09/764,252 Page 15 

Art Unit: 2154 

5. Claims 14, 18, 19, 33, 37, 38, 52, 56 and 57 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Nguyen et al. (hereinafter Nguyen) (US 2002/0016926 A1) 
in view of Klein (US 5, 754, 856) 
Referring to claim 14, 

Keeping in mind the teachings of the reference Nguyen as stated above, although the 
reference teaches the routing communication protocol stack and the plurality of target 
communication protocol stacks communicate utilizing a trusted communication link, the 
reference fails to teach wherein the cluster of data processing systems comprises a 
Sysplex and wherein the trusted communication link is a cross coupling facility of the 
Sysplex. The reference Klein teaches "In accordance with the present invention the 
native IBM XCF facility available in MVS/ESA is used as an asynchronous transport 
mechanism between MVS tasks which may reside on the same or different physical 
machines as long as they reside in a MVS SYSPLEX configuration.", col.1, lines 20-25. 
Therefore, it would have been obvious to one having ordinary skill in the art at the time 
of invention was made to use the teachings of Nguyen to enhance the system of Klein 
such that "Each message is sent via the XCF facility to each of the eligible recipient 
tasks. Each recipient task includes a receiving module for receiving and queuing the 
messages and notifying the task that the message has arrived. This technique provides 
fast and low overhead transport common to tasks on the same or different platforms. 
Also, the invention includes the ability to mirror the message to multiple named tasks 
from a single source task transparently to the source task. Further, the message may 
be sent to the first named task in a group of eligible tasks so that when a task becomes 
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inactive the message is sent to the next task in the directory with the same name 
automatically, as taught by Klein. 
Referring to claim 18, 

Keeping in mind the teachings of the reference Nguyen as stated above, although the 
reference teaches the routing communication protocol stack and the plurality of target 
communication protocol stacks communicate utilizing a trusted communication link and 
GRE encapsulated communications, the reference fails to teach wherein the cluster of 
data processing systems comprises a Sysplex and wherein the routing communication 
protocol stack and the target communication protocol stacks communicate utilizing a 
cross coupling facility (XCF) of the Sysplex and wherein communications include an 
XCF source address and an XCF destination address in an outer GRE header (Note: 
Note : GRE - GRE is a protocol that enables the encapsulation of an arbitrary network 
layer protocol (the payload protocol) by another arbitrary network layer protocol (the 
delivery protocol). GRE tunnels are virtual tunnels that are created on an intermediary 
network and that are used to transmit GRE-encapsulated data packets from a first 
network to a second network. GRE tunnels are often used to create a virtual private 
network ("VPN"). The reference Klein teaches "In accordance with the present invention 
the native IBM XCF facility available in MVS/ESA is used as an asynchronous transport 
mechanism between MVS tasks which may reside on the same or different physical 
machines as long as they reside in a MVS SYSPLEX configuration.", col.1, lines 20-25. 
Therefore, it would have been obvious to one having ordinary skill in the art at the time 
of invention was made to use the teachings of Nguyen to enhance the system of Klein 
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such that "Each message is sent via the XCF facility to each of the eligible recipient 
tasks. Each recipient task includes a receiving module for receiving and queuing the 
messages and notifying the task that the message has arrived. This technique provides 
fast and low overhead transport common to tasks on the same or different platforms. 
Also, the invention includes the ability to mirror the message to multiple named tasks 
from a single source task transparently to the source task. Further, the message may 
be sent to the first named task in a group of eligible tasks so that when a task becomes 
inactive the message is sent to the next task in the directory with the same name 
automatically, as taught by Klein. 
Referring to claim 19, 

Keeping in mind the teachings of the reference Nguyen as stated above, the reference 
teaches the routing communication protocol stack and the plurality of target 
communication protocol stacks communicate utilizing a trusted communication link and 
GRE encapsulated communications, it also teaches "After examining IP header and 
transport layer header information, and comparing it to information contained in entries 
located in the SPD, each packet will either be afforded IPSec security services, 
discarded, or allowed to bypass IPSec", page 2, para.[0013] (evaluating an . IP address 
of a physical link over which a GRE encapsulated communication was received and an 
IP address in the received GRE encapsulated communication) , however, the reference 
fails to teach communication was received over an XCF link. The reference Klein 
teaches "In accordance with the present invention the native IBM XCF facility available 
in MVS/ESA is used as an asynchronous transport mechanism between MVS tasks 
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which may reside on the same or different physical machines as long as they reside in a 
MVS SYSPLEX configuration.", col.1, lines 20-25 (communication was received over an 
XCF link). Therefore, it would have been obvious to one having ordinary skill in the art 
at the time of invention was made to use the teachings of Nguyen to enhance the 
system of Klein such that anything that is not received over XCF link can be discarded 
by the IPsec. Also, Each message is sent via the XCF facility to each of the eligible 
recipient tasks. Each recipient task includes a receiving module for receiving and 
queuing the messages and notifying the task that the message has arrived. This 
technique provides fast and low overhead transport common to tasks on the same or 
different platforms. Also, the invention includes the ability to mirror the message to 
multiple named tasks from a single source task transparently to the source task. 
Further, the message may be sent to the first named task in a group of eligible tasks so 
that when a task becomes inactive the message is sent to the next task in the directory 
with the same name automatically, as taught by Klein. 
Referring to claim 33, 

Claim 33 is a claim to a system that carries out the method of claim 14. Therefore, 
claim 33 is rejected for the reasons set forth for claim 14. 
Referring to claims 37 and 38, 

Claims 37 and 38 are claims to a system that carries out the methods of claims 18 and 
19. Therefore, claims 37 and 38 are rejected for the reasons set forth for claims 18 and 
19. 

Referring to claim 52, 
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Claim 52 is a claim to a computer readable medium having computer readable program 
code that carries out the method of claim 14. Therefore, claim 52 is rejected for the 
reasons set forth for claim 14. 
Referring to claims 56 and 57, 

Claims 56 and 57 are claims to computer readable medium having computer readable 
program code that carries out the method of claims 18 and 19. Therefore, claims 56 
and 57 are rejected for the reasons set forth for claims 18 and 19. 

Conclusion 

Examiner's note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings of the art and are 
applied to the specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant in preparing 
responses, to fully consider the references in entirety as potentially teaching all or part 
of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the Examiner. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ashok B. Patel whose telephone number is (571) 272- 
3972. The examiner can normally be reached on 8:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John A Follansbee can be reached on (571) 272-3964. The fax phone 
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number for the organization where this application or proceeding is assigned is 703- 
872-9306. 

Information regarding the status of an application may be obtained from the 
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